April 11, 2023

Importance Of Security in DeFi

Discover the top DeFi attack types and how to mitigate them in 2023. Learn about the risks of oracle manipulation, smart contract errors, and front-end attacks, and how to safeguard your crypto investments. Find out how Umee's commitment to security and rigorous audits make it a safe lending platform in the Cosmos ecosystem.
By Naman


Decentralized Finance (DeFi) involves using blockchain applications to remove conventional intermediaries from the financial ecosystem. While DeFi has introduced massive changes in accessibility, concerns have been raised about DeFi attacks. So far in 2023, the total amount lost to DeFi theft is $400 million. DeFi hacks accounted for billions in losses. In this blog, we’ll be discussing different types of attacks and how to mitigate them.

Oracle Manipulation

DeFi platforms allow users to take out loans based on the value of their cryptocurrency holdings, and oracles provide the current value of the cryptocurrency. If an attacker manipulates the data provided by the oracle, they could take out a larger loan than they would otherwise be able to. To mitigate the risk of oracle manipulation, it is important to use secure oracles that have undergone rigorous security audits.

(Source: Chainalysis)


In October 2022, the Mango Markets attack involved an oracle manipulation, where an attacker exploited a vulnerability in the oracle to manipulate the price of a stablecoin, resulting in over $116 million in losses.

To mitigate the risk of oracle manipulation, it is important to use reputable oracles such as Ojo, which have designs such as Historacle that protect specifically against oracle manipulation attacks and which have undergone rigorous security audits.
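The sketch below shows why a price derived from recent history resists a short-lived spike where a spot price does not. It is an added example, not Ojo's or Umee's code; the median window, deviation threshold, collateral factor and price series are all assumed, constructed values.

```python
from statistics import median

# Constructed sample data: collateral price per block. The last value is a
# short-lived manipulated spike. All names and parameters are hypothetical.
PRICE_HISTORY = [1.00, 1.01, 0.99, 1.02, 1.00, 1.01, 1.00, 9.50]
COLLATERAL_FACTOR = 0.5   # assumed: borrow up to 50% of collateral value
MAX_DEVIATION = 0.10      # assumed: tolerate a 10% gap between spot and median


def spot_price(history):
    """Naive oracle: trust the most recent observation."""
    return history[-1]


def windowed_median(history, window=7):
    """Median over the last `window` observations; one outlier cannot move it."""
    if len(history) < window:
        raise ValueError("not enough price history")
    return median(history[-window:])


def guarded_price(history, window=7, max_dev=MAX_DEVIATION):
    """Return (price, suspicious).

    Collateral is valued at the lower of spot and median, and the reading is
    flagged when the two disagree by more than max_dev.
    """
    spot = spot_price(history)
    med = windowed_median(history, window)
    suspicious = abs(spot - med) / med > max_dev
    return min(spot, med), suspicious


def borrow_limit(collateral_units, price):
    """Maximum loan value for a given collateral amount and price."""
    return collateral_units * price * COLLATERAL_FACTOR


if __name__ == "__main__":
    units = 1000
    print("naive limit:  ", borrow_limit(units, spot_price(PRICE_HISTORY)))
    price, flag = guarded_price(PRICE_HISTORY)
    print("guarded limit:", borrow_limit(units, price), "suspicious:", flag)
```

With the spot price, the spike raises the borrow limit from roughly 500 to 4750; with the guarded price it stays near 505 and the reading is flagged for review.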

Smart Contract Errors

Smart contract errors refer to mistakes or flaws in the programming of a smart contract that cause it to behave in unintended ways. These errors can result in vulnerabilities that can be exploited by attackers to steal funds or cause other damages.

To prevent smart contract errors, it is important to conduct thorough security audits and testing to identify and address vulnerabilities before the contract is deployed. Additionally, it is important to follow best practices for smart contract development, such as using well-established libraries and avoiding complex logic that can increase the risk of errors. For DeFi users, it’s always wise to follow the principle: never risk more than you can afford to lose.

Front End Attacks 

Phishing and DNS hijacking are two types of cyberattacks that have affected some DeFi platforms.

Phishing is a type of social engineering attack where an attacker creates a fake website or sends an email that looks like it is from a legitimate source. The goal is to trick users into entering their login credentials or other sensitive information, which the attacker can then use to steal funds or gain access to the user's account.

DNS hijacking, on the other hand, involves an attacker intercepting DNS requests to redirect users to a fake website. This can be used to steal login credentials or other sensitive information.

In August 2022, over $570k was stolen from Curve Finance after its front end was compromised through an attack that took control of its name server and installed a malicious smart contract.

Know more: Staying Safu


To mitigate these risks, it is important for DeFi protocols to have robust security measures in place. This includes conducting thorough security audits of smart contracts before they are deployed, setting up monitoring and alerting mechanisms for any irregular transactions, and following the best practices for coding and security shared by crypto and DeFi teams. 

Security is at the heart of Umee, which is why we're dedicated to not only safeguarding our protocol but also enhancing our oracle system through Ojo, which is a key component in preventing price manipulation on our platform. Our commitment to security is demonstrated through our rigorous code inspection process, where every line of code is meticulously reviewed by top auditors. This makes Umee a safety-first, lending-specific platform in the Cosmos ecosystem. We value our users' trust, and we strive to maintain this trust by prioritizing security and continually improving our platform's defense against malicious attacks.

